1 files changed, 89 insertions, 10 deletions
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index 47a78e2bb..0731fc06f 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -1136,11 +1136,11 @@ GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose,
 ssize_t
-GNUNET_IDENTITY_encrypt (const void *block,
+GNUNET_IDENTITY_encrypt_old (const void *block,
-                         size_t size,
+                             size_t size,
-                         const struct GNUNET_IDENTITY_PublicKey *pub,
+                             const struct GNUNET_IDENTITY_PublicKey *pub,
-                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result)
+                             void *result)
 {
  struct GNUNET_CRYPTO_EcdhePrivateKey pk;
  GNUNET_CRYPTO_ecdhe_key_create (&pk);
@@ -1175,11 +1175,90 @@ GNUNET_IDENTITY_encrypt (const void *block,
 ssize_t
-GNUNET_IDENTITY_decrypt (const void *block,
+GNUNET_IDENTITY_encrypt2 (const void *pt,
-                         size_t size,
+                          size_t pt_size,
-                         const struct GNUNET_IDENTITY_PrivateKey *priv,
+                          const struct GNUNET_IDENTITY_PublicKey *pub,
-                         const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                          void *ct_buf,
-                         void *result)
+                          size_t ct_size)
+{
+  struct GNUNET_HashCode k;
+  struct GNUNET_CRYPTO_FoKemC *kemc = (struct GNUNET_CRYPTO_FoKemC*) ct_buf;
+  unsigned char *encrypted_data = (unsigned char*) &kemc[1];
+  unsigned char nonce[crypto_secretbox_NONCEBYTES];
+  unsigned char key[crypto_secretbox_KEYBYTES];
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key),
+                                                            kemc,
+                                                            &k))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key,
+                                                            kemc,
+                                                            &k))
+      return -1;
+    break;
+  default:
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n");
+    return -1;
+  }
+  memcpy (key, &k, crypto_secretbox_KEYBYTES);
+  memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
+          crypto_secretbox_NONCEBYTES);
+  crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key);
+  return pt_size + crypto_secretbox_MACBYTES + sizeof (*kemc);
+}
+ssize_t
+GNUNET_IDENTITY_decrypt2 (const void *ct_buf,
+                          size_t ct_size,
+                          const struct GNUNET_IDENTITY_PrivateKey *priv,
+                          void *pt,
+                          size_t pt_size)
+{
+  struct GNUNET_HashCode k;
+  struct GNUNET_CRYPTO_FoKemC *kemc = (struct GNUNET_CRYPTO_FoKemC*) ct_buf;
+  unsigned char *encrypted_data = (unsigned char*) &kemc[1];
+  unsigned char nonce[crypto_secretbox_NONCEBYTES];
+  unsigned char key[crypto_secretbox_KEYBYTES];
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key),
+                                                            kemc,
+                                                            &k))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key),
+                                                            kemc,
+                                                            &k))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  memcpy (key, &k, crypto_secretbox_KEYBYTES);
+  memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
+          crypto_secretbox_NONCEBYTES);
+  if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc),
+                                  nonce, key))
+    return -1;
+  return ct_size - sizeof (*kemc) - crypto_secretbox_MACBYTES;
+}
+ssize_t
+GNUNET_IDENTITY_decrypt_old (const void *block,
+                             size_t size,
+                             const struct GNUNET_IDENTITY_PrivateKey *priv,
+                             const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             void *result)
 {
  struct GNUNET_HashCode hash;
  switch (ntohl (priv->type))

diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 47a78e2bb..0731fc06f 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c
@@ -1136,11 +1136,11 @@ GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose,
1136		1136
1137		1137
1138	ssize_t	1138	ssize_t
1139	GNUNET_IDENTITY_encrypt (const void *block,	1139	GNUNET_IDENTITY_encrypt_old (const void *block,
1140	size_t size,	1140	size_t size,
1141	const struct GNUNET_IDENTITY_PublicKey *pub,	1141	const struct GNUNET_IDENTITY_PublicKey *pub,
1142	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,	1142	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
1143	void *result)	1143	void *result)
1144	{	1144	{
1145	struct GNUNET_CRYPTO_EcdhePrivateKey pk;	1145	struct GNUNET_CRYPTO_EcdhePrivateKey pk;
1146	GNUNET_CRYPTO_ecdhe_key_create (&pk);	1146	GNUNET_CRYPTO_ecdhe_key_create (&pk);
@@ -1175,11 +1175,90 @@ GNUNET_IDENTITY_encrypt (const void *block,
1175		1175
1176		1176
1177	ssize_t	1177	ssize_t
1178	GNUNET_IDENTITY_decrypt (const void *block,	1178	GNUNET_IDENTITY_encrypt2 (const void *pt,
1179	size_t size,	1179	size_t pt_size,
1180	const struct GNUNET_IDENTITY_PrivateKey *priv,	1180	const struct GNUNET_IDENTITY_PublicKey *pub,
1181	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,	1181	void *ct_buf,
1182	void *result)	1182	size_t ct_size)
		1183	{
		1184	struct GNUNET_HashCode k;
		1185	struct GNUNET_CRYPTO_FoKemC kemc = (struct GNUNET_CRYPTO_FoKemC) ct_buf;
		1186	unsigned char encrypted_data = (unsigned char) &kemc[1];
		1187	unsigned char nonce[crypto_secretbox_NONCEBYTES];
		1188	unsigned char key[crypto_secretbox_KEYBYTES];
		1189
		1190	switch (ntohl (pub->type))
		1191	{
		1192	case GNUNET_IDENTITY_TYPE_ECDSA:
		1193	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key),
		1194	kemc,
		1195	&k))
		1196	return -1;
		1197	break;
		1198	case GNUNET_IDENTITY_TYPE_EDDSA:
		1199	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key,
		1200	kemc,
		1201	&k))
		1202	return -1;
		1203	break;
		1204	default:
		1205	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n");
		1206	return -1;
		1207	}
		1208	memcpy (key, &k, crypto_secretbox_KEYBYTES);
		1209	memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
		1210	crypto_secretbox_NONCEBYTES);
		1211	crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key);
		1212	return pt_size + crypto_secretbox_MACBYTES + sizeof (*kemc);
		1213	}
		1214
		1215
		1216	ssize_t
		1217	GNUNET_IDENTITY_decrypt2 (const void *ct_buf,
		1218	size_t ct_size,
		1219	const struct GNUNET_IDENTITY_PrivateKey *priv,
		1220	void *pt,
		1221	size_t pt_size)
		1222	{
		1223	struct GNUNET_HashCode k;
		1224	struct GNUNET_CRYPTO_FoKemC kemc = (struct GNUNET_CRYPTO_FoKemC) ct_buf;
		1225	unsigned char encrypted_data = (unsigned char) &kemc[1];
		1226	unsigned char nonce[crypto_secretbox_NONCEBYTES];
		1227	unsigned char key[crypto_secretbox_KEYBYTES];
		1228
		1229	switch (ntohl (priv->type))
		1230	{
		1231	case GNUNET_IDENTITY_TYPE_ECDSA:
		1232	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key),
		1233	kemc,
		1234	&k))
		1235	return -1;
		1236	break;
		1237	case GNUNET_IDENTITY_TYPE_EDDSA:
		1238	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key),
		1239	kemc,
		1240	&k))
		1241	return -1;
		1242	break;
		1243	default:
		1244	return -1;
		1245	}
		1246	memcpy (key, &k, crypto_secretbox_KEYBYTES);
		1247	memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
		1248	crypto_secretbox_NONCEBYTES);
		1249	if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc),
		1250	nonce, key))
		1251	return -1;
		1252	return ct_size - sizeof (*kemc) - crypto_secretbox_MACBYTES;
		1253	}
		1254
		1255
		1256	ssize_t
		1257	GNUNET_IDENTITY_decrypt_old (const void *block,
		1258	size_t size,
		1259	const struct GNUNET_IDENTITY_PrivateKey *priv,
		1260	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
		1261	void *result)
1183	{	1262	{
1184	struct GNUNET_HashCode hash;	1263	struct GNUNET_HashCode hash;
1185	switch (ntohl (priv->type))	1264	switch (ntohl (priv->type))